Vulnerabilities > Mediawiki > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-05 | CVE-2024-47846 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Cargo 3.6.0 Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | 8.8 |
2023-10-09 | CVE-2023-45371 | Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 7.5 |
2023-10-09 | CVE-2023-45363 | Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. | 7.5 |
2022-09-19 | CVE-2022-28203 | Release of Invalid Pointer or Reference vulnerability in multiple products A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. | 7.5 |
2022-09-19 | CVE-2022-28204 | Unspecified vulnerability in Mediawiki 1.37.0/1.37.1 A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. | 7.5 |
2022-06-28 | CVE-2022-34750 | Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.38.1. | 7.5 |
2022-04-30 | CVE-2022-28323 | Unspecified vulnerability in Mediawiki An issue was discovered in MediaWiki through 1.37.2. | 7.5 |
2022-04-21 | CVE-2022-29547 | Incorrect Default Permissions vulnerability in Mediawiki Createredirect The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. | 7.5 |
2022-02-18 | CVE-2017-0371 | Unspecified vulnerability in Mediawiki MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | 7.5 |
2022-01-10 | CVE-2021-46147 | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. | 8.8 |